You are the enterprise administrator for your company. The company’s network consists of a single Active Directory forest with three domains. The forest is operating at Windows Server 2003 functional level.

The company’s headquarters is in San Diego. An Active Directory site named SanD has been created for the headquarters. This site supports 350 users and includes three Windows Server 2003 domain controllers named DC1, DC2, and DC3. DC1 is the global catalog. The company also has 12 California-based branch offices. Each branch office has an Active Directory site configured. All sites are linked to the SanD site by WAN connections.

The LAEast site is connected to SanD by a 128 Kbps connection. This branch office supports 45 users and includes a Windows Server 2003 domain controller named DC4. DC4 is not a global catalog.

You want to enable universal group membership caching to reduce traffic over the WAN connection and ensure users can authenticate if the WAN connection fails.

What should you do?

A. In Active Directory Users and Computers, open the Domain Controllers container. Open the properties page for DC4. On the General tab, select the Enable Universal Group Membership Caching check box. B. In Active Directory Users and Computers, open the Domain Controllers container. Open the properties page for DC1. On the General tab, select the Enable Universal Group Membership Caching check box. C. In Active Directory Sites and Services, open the SanD site container. Access the NTDS Site Settings properties page, and select the Enable Universal Group Membership Caching check box. D. In Active Directory Sites and Services, open the LAEast site container. Access the NTDS Site Settings properties page, and select the Enable Universal Group Membership Caching check box.

Answer: D. In Active Directory Sites and Services, open the LAEast site container. Access the NTDS Site Settings properties page, and select the Enable Universal Group Membership Caching check box.

Tutorial: You should perform this configuration in Active Directory Sites and Services. Open the LAEast site container, access the NTDS Site Settings properties page, and select the Enable Universal Group Membership Caching check box.

During a typical user logon, the authenticating domain controller must access a global catalog to retrieve the user’s universal group memberships. If the global catalog is in a remote site, the authentication must traverse the WAN link to access the required information. Universal group membership caching allows the local domain controller to store the retrieved information in its local cache indefinitely. The cache is refreshed by default every eight hours and is available for users authenticating to the domain controller, eliminating the need to access the remote global catalog during authentication. To enable universal group membership caching, the NTDS Site Settings for the local domain controller are configured. To use universal group membership caching, the local domain controller must be within a single replication hop from the global catalog.

You should not enable universal group membership caching on the SanD site container. DC1contains the global catalog. Universal group membership caching is appropriate for sites with fewer than 100 users and is appropriately configured on sites where a global catalog is not available.

You should not select either option using Active Directory Users and Computers. The Enable Universal Group Membership Caching setting is found in the NTDS Site Settings properties and cannot be accessed through this console.